Week in Core, August 23 – 30, 2016

Welcome back to the latest issue of Week in Core, covering changes [38346-38455]. Here are the highlights:

  • 110 commits
  • 62 contributors
  • 111 tickets created
  • 20 tickets reopened
  • 128 tickets closed

Ticket numbers are based on the Trac timeline for the period above. The following is a summary of commits, organized by component.

Code Changes

Accessibility

  • Hide the “No activity yet” smiley from assistive technologies. [38448] #37511
  • Improve the file upload inputs styling [38435] #35552

Admin

  • Allow WP_Screen to be checked via autoload in convert_to_screen(). [38414] #36335

Administration

  • Underline links in the admin footer for better accessibility. [38347] #37529

Bootstrap

  • Check that ini_get_all() exists before calling it, allows us to work around hosts who disable the function for “security purposes”. [38431] #37680
  • Fix failing external HTTP tests after [38411] [38416] #36335
  • After r38409 and r38410, revert r38402 which reverted r38399 [38411] #36335
  • Run composer install after r38409. [38410] #36335
  • Move composer.{json|lock} into src. [38409] #36335
  • Revert [38399] as it’s broken /build/ and subsequently core.svn.wordpress.org [38402] #36335
  • Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader [38399] #36335
  • Exclude more files from the autoloader.classmap in composer.json. [38395] #36335
  • Add composer.lock and src/wp-vendor files. Nothing is using this code yet, just going through the motions. Ignore the files in src/wp-vendor/composer that will explode in PHP 5.2. [38394] #36335
  • Run composer require xrstf/composer-php52 to get the updated suggested version. Change the vendor-dir to wp-vendor. [38393] #36335
  • Exclude some files from the Composer autoload setup via exclude-from-classmap. [38391] #36335
  • Load option.php in wp-settings.php, not in functions.php. [38386] #36335
  • Add a composer.json file to the project. No code relies on it (yet), and no vendor dir is checked in (yet). No autoloader is being used (yet). Taking this first step will hopefully encourage the perfectionists of our world to scrutinize each line [38384] #36335

Build/Test Tools

  • Add support for is_front_page() to assertQueryTrue() and assert that all the tested conditions are supported by the method. [38405] #37849
  • Remove many unnecessary calls to rand_str() which can, in theory, fail at random. Static strings are much more appropriate. [38382] #37371
  • Ensure the Tests_Query_Conditionals tests set up the environment correctly before re-registering initial taxonomies. [38407] #37851
  • Require Basic_Object and Basic_Subclass files earlier in call stack [38445] #37523
  • Add docblocks for Basic_Object and Basic_Subclass classes. [38444] #37523
  • Use shared fixture in comment_exists() tests. [38372] #37842

Comments

  • Don’t do direct SQL query when fetching descendants [38446] #37696
  • Add support for all HTTP protocol versions when returning a 405 from wp-comments-post.php. [38432] #37863

Cron

  • Clarify descriptions for Cron API functions. [38357] #37769

Customize

  • Allow users to more seamlessly create page-based nav menus during customization [38436] #34923
  • Circumvent the customizer attempting to preview links to static assets (such as uploaded images) [38396] #37828

Database

Docs

  • Alignment after [38369]. [38370] #37770
  • Correct various documentation around object and stdClass types. [38369] #37770
  • Add a missing parenthesis in an example in the DocBlock for wp_redirect(). [38350] #37770
  • Improve the docs for the_title() and make them more consistent with the_title_attribute(). [38348] #37732

Editor

  • Fix jumpiness on pressing backspace and delete in the Text editor. [38426] #37690
  • Use Beacon API over sync request [38425] #
  • Improve word-count.js documentation. [38358] #37718

Embeds

  • wp-settings.php loads class-wp-embed.php, which currently produces side effects. Move the global instantiation to wp-settings.php. WP_Embed is then in a file by itself. [38362] #37827
  • Add a missing regex delimiter for Facebook URLs. [38368] #34737
  • Add support for embedding Facebook posts and videos via oEmbed. [38367] #34737
  • Many of our oEmbed providers now default to HTTPS embeds, redirect to the HTTPS oEmbed endpoint, or have complete support for HTTPS even if they don’t default to HTTPS [38366] #28507
  • Always use the HTTPS endpoint for YouTube embeds. The scheme parameter is no longer required as all YouTube assets now use HTTPS. [38365] #36274, #28507

FTP

  • Ensure that there is only one class named ftp, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won’t hiccup when it gets to these files. [38380] #36335

Feed

  • Move ‘WP_Feed_Cache’, ‘WP_Feed_Cache_Transient’, WP_SimplePie_File and WP_SimplePie_Sanitize_KSES into their own files via svn cp. If we move forward with autoloading, class-feed.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. class-feed.php is an interesting name: there is no Feed or WP_Feed class. [38354] #37827

Formatting

  • Add a parameter to wp_send_json_error(), wp_send_json_success(), and wp_send_json() for specifying the HTTP response code [38422] #35666
  • For a performance boost in remove_accents(), convert chr() calls to string literals. [38359] #37643

General

  • AJAX actions for List Tables do not need to declare global $wp_list_table. List tables on admin screens are in global scope, and they contain hooks that don’t pass the list table as context, hence using globals there so that functions can import them. That problem does not exist in the AJAX actions, which are virtually impossible to hook into as is. [38455] #37699
  • Move _WP_List_Table_Compat into its own file. [38392] #37827
  • There is no good reason for class-wp-site-icon.php to drop a global instance of itself whenever the file is loaded. The lone use of the global instance of WP_Site_Icon is in an AJAX action that provides virtually no way to override – the file is loaded immediately before the global is used. [38355] #37699
  • Correct the documentation for the wp_dropdown_users_args filter description and its parameters. [38406] #37770
  • After r38303, replace usage of global $_wp_additional_image_sizes with wp_get_additional_image_sizes(). [38383] #37699
  • Move WP_Session_Tokens and WP_User_Meta_Session_Tokens into their own files via svn cp. If we move forward with autoloading, session.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. [38353] #37827
  • Move WP_Text_Diff_Renderer_inline (behold that lowercase “i”) and WP_Text_Diff_Renderer_Table into their own files via svn cp. [38352] #37827
  • Break up class-IXR.php into individual class files. [38389] #37827
  • After [38399], update the .gitignore file accordingly. [38401] #36335

HTTP API

  • Accept non-string values in cookies, fixing a regression since 4.5. [38430] #37768
  • Handle an edge case within the URI parsing library included in Requests, where if a double slash exists at the start of the path the URL is passed to cURL malformed. [38429] #37733
  • Separate the test for wp_parse_url() with -1 as its component into a separate test, so the remaining tests can use strict type checking. This helps avoid gotchas with the potentially empty values (ie. null) that we’re testing for. [38453] #36356
  • The tests for wp_parse_url() can’t be strict on type because this causes the tests to fail on PHP 5.2 which, bizarrely, returns the results of parse_url() (when called with a $component parameter) in a different order to later PHP versions. [38452] #36356
  • Prevent a fatal error on PHP < 5.4.7 due to changes introduced in [38449]. [38450] #36356
  • Add a $component parameter to wp_parse_url() to give it parity with PHP’s parse_url() function. [38449] #36356

I18N

  • Correct various instances of incorrect usage of esc_attr_e(). [38424] #37457
  • Improve accuracy of docs. [38360] #37585
  • After r38364, check that global $wp_locale is an instance of WP_Locale before calling ->is_rtl() in is_rtl(). [38438] #37827
  • Retire another remaining wp-includes/locale.php require, and instead load the required WP_Locale class directly. [38404] #37827
  • Move is_rtl() to l10n.php (which loads way earlier). Load WP_Locale file in wp-settings.php. Retire wp-includes/locale.php – it only loaded the class and the one function, is_rtl(). If someone loaded this file for fun somewhere else, it would be a fatal error. [38364] #37827

Load

  • Move WP_MatchesMapRegex into its own file. [38376] #37827
  • Remove class-feed.php (There is no class named Feed or WP_Feed, it just loads other classes) and, instead, move the require calls to the only place they are ever included: inside fetch_feed(). This simplifies the include path. [38374] #36335
  • Remove session.php and, instead, move the 2 require calls to wp-settings.php. This simplifies the include path. [38373] #36335
  • Load class-phpass.php (PasswordHash class) early in wp-settings.php, instead of require_once()’ing it in several places. [38371] #36335
  • Move is_wp_error() to load.php so that WP_Error is in a file by itself. [38363] #37827

Media

  • Add a $wp_error parameter to wp_insert_attachment() to give it parity with wp_insert_post(). [38408] #37813

Multisite

  • Move get_current_site() to load.php so that it can be used in more places, instead of importing global $current_site. [38388] #37699

OEmbed

  • Add unit tests. @group external-oembed is not run by default. [38454] #32360
  • Move _wp_oembed_get_object() to embed.php, where all of the other embed functions live. WP_oEmbed is then in a file by itself. Load class-oembed.php in wp-settings.php and remove extraneous include calls. [38361] #37827

Permalinks

  • Correct an invalid permastructure tag in a test. [38417] #37858

Post Thumbnails

  • Prevent post thumbnail previews from spilling into other images [38433] #37697

Posts, Post Types

  • Introduce a missing private query var that should have been introduced as part of #15459 [38451] #15459, #34982
  • Don’t improperly cast IDs when fetching post, user, or term objects. [38381] #37738

Press This

  • The file for the WP_Press_This class should not produce side effects. Similar to what we did in r38355 for WP_Site_Icon, drop the instances of global instantiation for $wp_press_this via loading the file. The variable can be set inline when necessary. In most of those places, if the global is already set, the file does not load and stomp it currently. [38397] #37699

Query

  • Add and improve tests for query conditionals on the front page and home page. [38413] #37851
  • Collapse several of the is_* methods using __call(). Add method annotations. [38356] #37830
  • Move WP_Query into its own file via svn cp. [38351] #37827

Role/Capability

  • Only users who can manage options should be able to trash/delete the page for posts or the front page, as they are the only users who can restore it or subsequently alter the “Front page displays” setting. [38378] #37580
  • Set a property, $db, on WP_Roles to reduce global imports. [38387] #37699

Script Loader

Security

  • Return a 403 instead of a 200 HTTP status when check_ajax_referer() fails [38421] #36362
  • Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer(). [38420] #36361

Taxonomy

  • Remove unnecessary uniqueness check in get_attachment_taxonomies(). [38437] #37368
  • Eliminate unnecessary variable in WP_Term_Query. [38377] #37544

Themes

  • Correct the type for the $name parameter of the get_header, get_footer, get_sidebar, and get_template_part_{$slug} hooks. [38434] #37770
  • Correct the list of possible values for the dynamic portion of the {$type}_template_hierarchy and {$type}_template filters. [38428] #14310
  • Introduce tests for the theme template hierarchy. [38419] #14310
  • Update filter names in the inline documentation for the get_*_template() functions. [38418] #14310, #37770
  • Remove failing tests introduced in [38390]. [38403] #14310
  • Begin introducing unit tests for the expected theme template hierarchy. More to come. [38390] #14310
  • Make the template hierarchy for a given template type filterable [38385] #14310

TinyMCE

  • Change the default font for the vi locale to the same stack as he_IL. [38427] #37755
  • Fix toolbars alignment in RTL. [38349] #37760

Unit tests

  • Enforce $args object in wp_nav_menu() & Walker_Nav_Menu [38400] #24587

Upgrade/Install

  • Don’t display PHP errors during installation [38423] #37358
  • After [37687], fix the number of params passed to the upgrade hooks [38415] #37731
  • wp-admin/includes/class-wp-upgrader-skins.php is unused, remove it. All of the same includes are loaded in class-wp-upgrader.php. [38379] #37827

Props

Thanks to @afercia, @Akeif, @andizer, @Ankit, @azaozz, @boonebgorges, @celloexpressions, @Chaos, @danielkanchev, @dd32, @deeptiboddapati, @diagnose, @DrewAPicture, @DylanAuty, @Engine, @flixos90, @fo, @Frank, @Frozzare, @GaryJ, @gitlost, @grapplerulrich, @Gupta, @helping, @henrywright, @ionutst, @iseulde, @issue, @ixkaito, @JakePT, @jipmoors, @joemcgill, @johnbillion, @JohnPBloch, @jrf, @K, @Klein, @kraftbj, @mapk, @melchoyce, @mrahmadawais, @nmt90, @ocean90, @pento, @peterwilsoncc, @Presskopp, @Rarst, @rodrigosprimo, @SergeyBiryukov, @shayanys, @stephenharris, @swisspidy, @swissspidy, @this, @TimothyBlynJacobs, @tnash, @to, @tollmanz, @valendesigns, @westonruter, @wonderboymusic, and @zsusag for their contributions!
